CVE-2010-0138
published 2010-01-21CVE-2010-0138: Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution…
PriorityP351critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
8.48%
94.3th percentile
Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ciscoworks_internetwork_performance_monitor | <= 2.6 | — |
| cisco | ciscoworks_internetwork_performance_monitor | — | — |
| cisco | ciscoworks_internetwork_performance_monitor | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qr7w-wgw7-hp4g: Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2
ghsa_unreviewed·2022-05-02
CVE-2010-0138 [HIGH] CWE-119 GHSA-qr7w-wgw7-hp4g: Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2
Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.
Cisco
CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability
vendor_cisco·2010-01-20·CVSS 10.0
CVE-2010-0138 [CRITICAL] CWE-119 CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability
CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability
CiscoWorks Internetwork Performance Monitor (IPM) versions 2.6 and
earlier for Microsoft Windows operating systems contain a buffer overflow
vulnerability that could allow a remote unauthenticated attacker to execute
arbitrary code. There are no workarounds for this vulnerability.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100120-ipm.
Cisco
CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability
vendor_cisco
CVE-2010-0138 CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability
CVE-2010-0138: CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability
CiscoWorks Internetwork Performance Monitor (IPM) versions 2.6 and earlier for Microsoft Windows operating systems contain a buffer overflow vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code. There are no
CWE: CWE-119, CWE-119
Bug IDs: CSCsv62350
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/38230http://securitytracker.com/id?1023484http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtmlhttp://www.securityfocus.com/bid/37879http://www.vupen.com/english/advisories/2010/0184http://www.zerodayinitiative.com/advisories/ZDI-10-004/https://exchange.xforce.ibmcloud.com/vulnerabilities/55768http://secunia.com/advisories/38230http://securitytracker.com/id?1023484http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtmlhttp://www.securityfocus.com/bid/37879http://www.vupen.com/english/advisories/2010/0184http://www.zerodayinitiative.com/advisories/ZDI-10-004/https://exchange.xforce.ibmcloud.com/vulnerabilities/55768
2010-01-21
Published